Computer System Validation

Computer System Validation (CSV) is a methodology applied to computerized systems in highly regulated industries such as pharmaceuticals and medical devices.

• Are the specifications in line with the user requirements?

• Have you defined standard operating procedures?

• Do you have a solid understanding of your installation process?

• Are your operational functions accurate and secure?

• Are you performing performance tests on specific applications?

Common Compliance Standards

GMP and GAMP

Computer System Validation ensures your computer systems are implemented and used according to GMP guidelines. In industries such as pharmaceuticals, validation is a necessity. Adherence to pharmaceutical GMP guidelines helps companies maintain consistent quality and reliability for their electronic record keeping.

Dynetek can help you achieve Computer System Validation based on GMP & GAMP guidelines.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 was created to modernize the flow of healthcare information and specify how personally identifiable data of patients should be stored and transferred. The core of HIPAA is Protected Health Information (PHI), and the act holds all parties involved in the healthcare industry responsible for keeping patient records private and secure.

 

As electronic PHI systems increasingly replace traditional paper-based systems, the risk of breaching HIPAA standards is much higher when these systems aren’t developed correctly.

5 major rules healthcare systems should consider to avoid risk or disasters:

1. The Security Rule

This rule holds PHI system developers to a certain standard with regard to health information security. This rule dictates that developers conduct a periodic breach risk analysis to ensure that their systems can withstand unauthorized access attacks.

2. The Breach Notification Rule

This rule stipulates that any data breach should be reported to the Office for Civil Rights of the US Health and Human Services within 60 days. The patients whose information was compromised must also be notified. If the breach affected more than 500 people, the media should be informed as well.

3. The Privacy Rule

This rule consists of a list of requirements regarding the protection of patient information. It stipulates that a patient’s healthcare history must be inaccessible to third parties while still providing the patient access to their own records.

4. The Omnibus Rule

This rule was added to expand on all the other rules mentioned. It extends the responsibilities and obligations that all parties have to comply with when working with protected health information.

5. The Enforcement Rule

This rule clarifies how an investigation should be conducted when a data breach is detected and the penalties a company is liable for in such a case. The penalty amount will be based on the number of records exposed and the existence of any prior breaches on the same system.

HIPAA Compliant Checklist

1. Transport Encryption

With the use of standards like HL7 and FHIR along with protocols like SSL and HTTPS, we ensure that any data transport between systems is completely secure and encrypted.

2. Backup

Any and all information relating to the healthcare system can be backed up at increments and stored separately from the running system to ensure that any loss of data is only temporary.

3. Authorization

Our team can upgrade or build access control points and secure logins to ensure that no unauthorized parties can gain access to personal patient information on your system.

4. Integrity

Ensuring that patient medical or billing information cannot be altered or tampered with is of utmost importance to us. The key is to develop a system that can detect when records have been altered by unauthorized sources and to divide roles and responsibilities within the organization so that no one user has complete control over the entire system.

5. Storage Encryption

It is important to secure data at all access points to patient information. Aspects like backups, system-stored data, and logs can’t be overlooked when ensuring full protection of sensitive patient information. Systems we often recommend and use, like Microsoft Dynamics Business Central, have encryption built in to protect all information used within them. We are also versed in using algorithms like RSA and AES for encryption of other data sources.

6. Disposal

Ensuring that archived data is cleared once a specific server or application is no longer in use is also an important aspect of ensuring your system protects patient information. Always assume that each aspect of your system keeps some sort of archive data that needs to be cleared once it is no longer being used.

7. Business Associate Agreement

There are certain rules and agreements that any vendor working with sensitive health data must adhere to in order to be HIPAA compliant. Our job is to ensure that the system we developed follows these rules and protects healthcare data in today’s information age.

If you have any more questions regarding Computer System Validation or how we can assist in ensuring that your system is built with the correct standards in mind, visit our Contact Us page.

  • Fast track administrative approval.

  • Maximize the value of the system and the employees that use it.

  • Discover system defects early.

  • Reduce risk and legal liability.

  • Promote continual process improvement.

Software & Computer Systems

Successfully pass regulatory inspections.